[CERT-daily] Tageszusammenfassung - 17.05.2021

Mon May 17 18:16:09 CEST 2021

=====================
= End-of-Day report =
=====================

Timeframe:   Freitag 14-05-2021 18:00 − Montag 17-05-2021 18:00
Handler:     Thomas Pribitzer
Co-Handler:  Stephan Richter

=====================
=       News        =
=====================

∗∗∗ Exploit released for wormable Windows HTTP vulnerability ∗∗∗
---------------------------------------------
Proof-of-concept exploit code has been released over the weekend for a critical wormable vulnerability in the latest Windows 10 and Windows Server versions.
---------------------------------------------
https://www.bleepingcomputer.com/news/security/exploit-released-for-wormable-windows-http-vulnerability/


∗∗∗ Bizarro banking Trojan expands its attacks to Europe ∗∗∗
---------------------------------------------
Bizarro is yet another banking Trojan family originating from Brazil that steals credentials from customers of 70 banks from different European and South American countries.
---------------------------------------------
https://securelist.com/bizarro-banking-trojan-expands-its-attacks-to-europe/102258/


∗∗∗ Ransomware Defenses, (Mon, May 17th) ∗∗∗
---------------------------------------------
Ransomware attacks continue to be in the headlines everywhere, and are also an almost weekly reoccurring subject in the SANS Newsbites. As useful as many of the reports are that security firms and researchers publish on the subject, they often focus heavily on one particular incident or type of ransomware, and the associated "indicators of compromise" (IOCs). We already covered before how IOCs can turn into IOOI's (Indicators of Outdated Intelligence), and how to try to [...]
---------------------------------------------
https://isc.sans.edu/diary/rss/27420


∗∗∗ AHK RAT Loader Used in Unique Delivery Campaigns ∗∗∗
---------------------------------------------
The Morphisec Labs team has tracked a unique and ongoing RAT delivery campaign that started in February of this year. This campaign is unique in that it heavily uses the AutoHotKey scripting language - a fork of the AutoIt language that is frequently used for testing purposes.
---------------------------------------------
https://blog.morphisec.com/ahk-rat-loader-leveraged-in-unique-delivery-campaigns


∗∗∗ Take action now - FluBot malware may be on its way ∗∗∗
---------------------------------------------
Why FluBot is a major threat for Android users, how to avoid falling victim, and how to get rid of the malware if your device has already been compromised
---------------------------------------------
https://www.welivesecurity.com/2021/05/17/take-action-now-flubot-malware-may-be-on-its-way/


∗∗∗ Two attacks disclosed against AMD’s SEV virtual machine protection system ∗∗∗
---------------------------------------------
Chipmaker AMD has issued guidance this week for two attacks against its SEV (Secure Encrypted Virtualization) technology that protects virtual machines from rogue operating systems. The two attacks, documented in two academic papers, can allow a threat actor to inject malicious code inside SEV-encrypted virtual machines, giving them full control over the VMs operating system.
---------------------------------------------
https://therecord.media/two-attacks-disclosed-against-amds-sev-virtual-machine-protection-system/


=====================
=  Vulnerabilities  =
=====================

∗∗∗ Beckhoff Security Advisory 2021-002: Stack Overflow and XXE vulnerability in various OPC UA products ∗∗∗
---------------------------------------------
The affected products can act as OPC UA client or server and are vulnerable to two different kind of attacks via the OPC UA protocol.
---------------------------------------------
https://download.beckhoff.com/download/document/product-security/Advisories/advisory-2021-002.pdf


∗∗∗ SSA-695540: ASM and PAR File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.1.0.2 ∗∗∗
---------------------------------------------
Siemens has released version V13.1.0.2 for JT2Go and Teamcenter Visualization to fix multiple vulnerabilities that could be triggered when the products read files in ASM and PAR file formats.
---------------------------------------------
https://cert-portal.siemens.com/productcert/txt/ssa-695540.txt


∗∗∗ Security updates for Monday ∗∗∗
---------------------------------------------
Security updates have been issued by Debian (libimage-exiftool-perl and postgresql-9.6), Fedora (chromium, exiv2, firefox, kernel, kernel-headers, kernel-tools, mariadb, and python-impacket), Mageia (avahi), openSUSE (chromium, drbd-utils, dtc, ipvsadm, jhead, nagios, netdata, openvpn, opera, prosody, and virtualbox), Slackware (libxml2), SUSE (kernel and lz4), and Ubuntu (intel-microcode, python-eventlet, and rust-pleaser).
---------------------------------------------
https://lwn.net/Articles/856437/


∗∗∗ Security Bulletin: Multiple Apache Tomcat Vulnerabilities Affect IBM Control Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-apache-tomcat-vulnerabilities-affect-ibm-control-center/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in XStream ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-xstream-2/


∗∗∗ Security Bulletin: Guava Google Core Libraries Vulnerability Affects IBM Control Center (CVE-2020-8908) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-guava-google-core-libraries-vulnerability-affects-ibm-control-center-cve-2020-8908/


∗∗∗ Security Bulletin: IBM InfoSphere DataStage is affected by an Information disclosure vulnerability ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-infosphere-datastage-is-affected-by-an-information-disclosure-vulnerability/


∗∗∗ Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in FasterXML jackson-dataformat ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-ibm-watson-discovery-for-ibm-cloud-pak-for-data-affected-by-vulnerability-in-fasterxml-jackson-dataformat/


∗∗∗ Security Bulletin: Apache Ant Vulnerabilities Affect IBM Control Center (CVE-2020-1945, CVE-2020-11979) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-apache-ant-vulnerabilities-affect-ibm-control-center-cve-2020-1945-cve-2020-11979/


∗∗∗ Security Bulletin: Multiple CKEditor Vulnerabilities Affect IBM Control Center ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-multiple-ckeditor-vulnerabilities-affect-ibm-control-center/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – Python (CVE-2020-15801) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-python-cve-2020-15801/


∗∗∗ Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data – OpenSSL ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-pak-for-data-openssl/


∗∗∗ Security Bulletin: H2 Database Vulnerabilities Affect IBM Control Center (CVE-2018-10054, CVE-2018-14335) ∗∗∗
---------------------------------------------
https://www.ibm.com/blogs/psirt/security-bulletin-h2-database-vulnerabilities-affect-ibm-control-center-cve-2018-10054-cve-2018-14335/

-- 
CERT.at Daily mailing list
Listinfo: https://lists.cert.at/cgi-bin/mailman/listinfo/daily